Security Wrap-Up (January 12th, 2021)

Unfortunately, there was tons to talk about this week! If you haven’t yet done so, it may not be the worst idea to check Have I Been Pwned?… In the meantime, check out some of our security features for this week -

70TB of Parler users’ messages, videos, and posts leaked by security researchers
A massive data scrape hit Parler after the social network went dark Monday morning following the shutdown by Amazon, Google, and Apple. The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. The security researchers who collected the user data claim that the scraped posts are linked to accounts that posted them and some of the video/image data have geolocation information, which could prove valuable to law enforcement. All of the data collected only came from live or deleted posts within Parler, not private account settings.

Ubiquiti tells customers to change passwords after security breach
Another one bites the dust. Networking and IoT device vendor Ubiquiti Networks has sent notification to all customers regarding a recent security breach. “We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” Ubiquiti stated. According to Ubiquiti, the intruder accessed servers that stored data on UI.com users such as names, passwords, email addresses, etc. Home addresses and phone numbers may have also been included, but only if the user opted in to include this information into the portal.

Adobe fixes 7 critical flaws and blocks Flash Player content
Patch Tuesday brings about more security updates as Adobe Systems has patched seven critical vulnerabilities impacting Windows, macOS, and Linux users. One of the most severe critical flaws (CVE-2021-21009) has been patched in Adobe Campaign Classic, Adobe’s marketing campaign management system. Patches also included fixes to a critical-severity heap-based buffer overflow vulnerability (CVE-2021-21006) within Adobe Photoshop and a critical flaw (CVE-2021-21007) stemming from an uncontrolled search path element. On top of their patches, they also have begun blocking Flash Player content, so when a user attempts to load a page with Flash Player, the content will no longer load.

T-Mobile discloses its fourth data breach in three years
US telecommunications provider T-Mobile has disclosed another security breach last week, which brings their total to four incidents in the past three years including August 2018, November 2019, and March 2020. Cybersecurity experts found that hackers accessed customer details such as phone numbers, the number of lines subscribed to an account, and call-related information. The hackers did not access more specific personal data such as physical addresses, email addresses, social security numbers, credit card numbers, etc. This breach impacted 0.2% of the company’s total userbase, putting the number around 200,000.

Have any additional security news you want to share? Let us know down below!

1 Like